[1][2] The most commonly encountered strains of ANTI have only subtle effects, and thus can exist and spread indefinitely without being noticed until an antivirus application is run.
[8] If the text matches, the virus executes the code at offset 0 of the sector via a JSR.
No disks containing a matching string are known to exist, so in practice this payload has no effect.
Based on this search for an expected string at a specific location on the disk, Danny Schwendener of ETH Zurich hypothesised that ANTI had been intended to form part of a copy protection scheme,[10] which would detect the reorganisation caused by a standard filesystem copy.
[3] Unlike preceding Macintosh viruses, ANTI can not be detected by specific resource names and IDs; a slower string comparison search is required in order to find signatures associated with the virus.